Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4
Fixed In:
12.1.0
Opened: Sep 01, 2015 Severity: 3-Major
Mangled SAML SSO requests (e.g. '/f5-w-...$$/saml/idp/profile/redirectorpost/sso') are processed internally by APM instead of being forwarded in internal server. As a result, an error is logged in /var/log/apm: "SSOv2 Error: No SP Connector attached to SAML SSO from assigned SAML resources matching authentication request."
SAML SSO will not work.
All conditions must be met: - BIG-IP1 is configured for portal access. - BIG-IP2 is used as SAML Service Provider. - BIG-IP2 must be located behind portal rewrite. - User attempts to initiated SAML SSO on Service Provider.
None
None